making a Debian Live CD for managing GnuPG master key and smartcards
flapflap at riseup.net
Wed Apr 27 13:35:17 CEST 2016
>  is a How-To for creating an OpenPGP keypair for use with GnuPG on
> an airgapped system (using Tails) and exporting the subkeys for
> day-to-day use. There is a link  to a second guide to export the
> subkeys to an OpenPGP smartcard.
I was also about suggesting Tails, so thanks for doing that for me :)
> The benefit is that everything on the CD is self-contained, it can't be
> tampered with, it can run without network support in the kernel and the
> workflow would be controlled by a script. All the details, including
> workflow, are described in a wiki
Tails can be instructed in the Tails Greeter to disable all network
As far as I understand it, Tails unconditionally blacklists the drivers
of all network devices . If network access is enabled in the
Greeter, the blacklist is deleted  and the related services are
restarted; if network access is not enabled, the blacklist stays in place.
Yet, Tails might not be what you want because you have a different usage
pattern and thread model in mind. For instance Tails ships non-free
software (and isn't happy about that) but needs to balance with the
possibility to run on almost every device a non-technical savvy user
wants it to boot from (which might not be the case for your use case).
More information about the Gnupg-users